Architecture-based regulatory compliance argumentation

Boyan Mihaylov, Lucian Onea, Klaus Marius Hansen*

*Corresponding author af dette arbejde

Abstract

Standards and regulations are difficult to understand and map to software, which makes compliance with them challenging to argue for software products and development process. This is problematic since lack of compliance may lead to issues with security, safety, and even to economic sanctions. An increasing number of applications (for example in healthcare) are expected to have to live up to regulatory requirements in the future, which will lead to more software development projects having to deal with such requirements. We present an approach that models regulations such that compliance arguments can be made in a principled way based on architectural requirements and architectural decisions. In particular, we discuss how one can form architectural requirements which are linked to regulatory texts. We then argue for completeness and correctness of this bi-directional link. We evaluate the approach on the migration of the telemedicine platform Net4Care to the cloud, where certain regulations (for example privacy) should be concerned. The approach has the potential to support simpler compliance argumentation with the eventual promise of safer and more secure applications.

OriginalsprogEngelsk
TidsskriftThe Journal of Systems and Software
Vol/bind119
Sider (fra-til)1-30
Antal sider30
ISSN0164-1212
DOI
StatusUdgivet - 2016

Fingeraftryk

Dyk ned i forskningsemnerne om 'Architecture-based regulatory compliance argumentation'. Sammen danner de et unikt fingeraftryk.

Citationsformater